split-pdf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PDFs from the open web (Step 1: "Use WebSearch" and "Use WebFetch or Bash (curl/wget) to download the PDF") and then reads and interprets those untrusted, third-party PDF contents as part of its mandatory batch-reading workflow (Step 3), so external document text could indirectly inject instructions that influence subsequent tool use and decisions.